CVE-2023-53101

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ext4: zero i_disksize when initializing the bootloader inode<br /> <br /> If the boot loader inode has never been used before, the<br /> EXT4_IOC_SWAP_BOOT inode will initialize it, including setting the<br /> i_size to 0. However, if the "never before used" boot loader has a<br /> non-zero i_size, then i_disksize will be non-zero, and the<br /> inconsistency between i_size and i_disksize can trigger a kernel<br /> warning:<br /> <br /> WARNING: CPU: 0 PID: 2580 at fs/ext4/file.c:319<br /> CPU: 0 PID: 2580 Comm: bb Not tainted 6.3.0-rc1-00004-g703695902cfa<br /> RIP: 0010:ext4_file_write_iter+0xbc7/0xd10<br /> Call Trace:<br /> vfs_write+0x3b1/0x5c0<br /> ksys_write+0x77/0x160<br /> __x64_sys_write+0x22/0x30<br /> do_syscall_64+0x39/0x80<br /> <br /> Reproducer:<br /> 1. create corrupted image and mount it:<br /> mke2fs -t ext4 /tmp/foo.img 200<br /> debugfs -wR "sif size 25700" /tmp/foo.img<br /> mount -t ext4 /tmp/foo.img /mnt<br /> cd /mnt<br /> echo 123 &gt; file<br /> 2. Run the reproducer program:<br /> posix_memalign(&amp;buf, 1024, 1024)<br /> fd = open("file", O_RDWR | O_DIRECT);<br /> ioctl(fd, EXT4_IOC_SWAP_BOOT);<br /> write(fd, buf, 1024);<br /> <br /> Fix this by setting i_disksize as well as i_size to zero when<br /> initiaizing the boot loader inode.